CVE-2007-1718

Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

Risk Information

Base Score

5.3

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

Exploitation Probability

21.829

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234